iTSC IT Managed Services

WHAT THE C-SUITE MUST KNOW ABOUT IOT

What the C-suite must know about IoT

In October, a botnet of connected things daisy-chained with the Mirai malware knocked sites like Twitter, Spotify, and GitHub offline at various times.

We live in a world where an army of refrigerators, laundry machines, dishwashers, and toasters can take down Amazon and Netflix, at least for a while.

Crazy as the problem sounds when you say it out loud, it can only be tackled in the C-suite.

Three enterprise problems in one

Your leaders need to understand that there are three (very real) threats from IoT:

Being attacked by an IoT army located anywhere (or everywhere) in the world

Your own IoT devices being conscripted into such an army

Being attacked by your own IoT devices

The structural problem

The structural problem is that IT hardware isn’t only being bought by IT anymore. Your facilities team might buy light bulbs with 4G capability. Your marketing department might invest in beacons.

Changing the structure of your business won’t help against the worldwide army, but it will mitigate the danger of those IoT devices attacking you or someone else.

All this means that IT needs to have a say over things—and departments—that it’s not had a say over before.

1. Training

IT needs to train all employees about what constitutes an IoT device (manufacturers use different marketing terms). There are things everyone can look for, like references to 4G or Wi-Fi on the box rather than “Internet of Things”.

And IT needs to explain that it’s not just being a killjoy. That device with an antenna so it can update its own firmware will sound great to a facilities manager. It’s something anyone in IT can empathise with. But IT also knows that hackers like those antennae, too, because they allow two-way communications that might bypass all network security monitoring controls.

2. Security first

It’s more than likely that your general manager in charge of purchasing hasn’t had to take a security-first view of purchases before when dealing with formerly benign products.

Their Spidey sense might tingle when the facilities manager starts spending $35 on a light bulb, but it won’t be the security angle that has them alarmed. And the facilities manager probably isn’t imagining that a 100w bulb could bring down the IT network.

3. Approval

When anyone in the company heads out to buy an IoT device, they must be made to get IT’s approval. No exceptions.

4. Get C-level buy-in

This is where the C-suite needs to be brought on board, because you’re going to be recommending training (costly) and getting involved in other departments’ spending plans (possible turf war).

Those are hard things to advocate, but the alternative might be explaining how a rogue refrigerator on Level 5 led to the theft of customer data.